Note:

It is very important to understand that it’s the user’s environment which has to be in a VDI session or VM and not the opposite.

That’s because when you access from computer A to computer B, you credential’s hash or Kerberos token is stored on computer A. Then if computer A is compromised, the malware or hacker can steal the hash or the token and impersonate you.

Conversely, if computer B is compromised, the malware or hacker cannot easily steal the hash or the token because it is not stored locally.

That’s why computer B must be the one where you perform the riskiest actions (user’s environment)

That doesn’t mean that your company is completely safe when a malware or a hacker take a control of an ordinary computer. However, once he’s in, he has more steps to perform before he can access or control critical equipment.

But that’s the key point. Security is not about preventing all malwares and all hackers from entering your company, because this is utopia land! Security is about preventing the most possible of malwares and hackers from entering, and then for the few who came in, to render their action as difficult you can.

Disclaimer

All data and information provided on this site is for informational purposes only, with no warranty of accuracy, completeness, currentness, suitability, or validity. The author will not be liable for any errors, omissions and takes no responsibility for any losses, injuries, or damages arising from its display or usage. All information is provided on an as-is basis.